1 of 16

Privacy Budgets in IPA

PATCG, June 15, 2023


Outline

  1. Privacy goal in IPA
  2. Budgeting for Self Attributing Publishers
  3. Budgeting for Self Attributing Advertisers
  4. Budgeting for MMPs
  5. Budgeting for Ad Networks
    1. Design proposal #1
    2. Design proposal #2
  6. Open Questions for Discussion


Privacy goal in IPA

  • Each site has a differential privacy (DP) budget per epoch that caps the amount of information that can be learned about the people (matchkeys) who interacted with that site during that epoch.


Self Attributing Publishers (source fan-out query)


How do we enforce these budget constraints?

Encrypted matchkeys have authenticated data with them that contains

  • the site that requested the encrypted matchkey
  • the epoch when it was requested
  • whether it was requested for a source or trigger event.

For source fan-out queries, the Helper Parties check that

  1. All the source reports in the query correspond to the source site that is submitting the source fan-out query.
  2. The source site has available budget for every epoch that was specified in the query.
  3. All the source reports in the query come from the set of epochs specified in the source fan-out query.
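The three Helper Party checks above, as an added example that is not code from IPA or this deck. It assumes the authenticated data on an encrypted matchkey (requesting site, epoch, source/trigger) can be modelled as an HMAC tag under a key the helper holds (standing in for the real AEAD binding), that budgets are a flat epsilon per (site, epoch), and that a trigger report has no place in a source fan-out query. Sites, epochs and epsilon values are constructed.

```python
"""Helper Party checks for a source fan-out query (added example).

Not code from IPA or the PATCG deck. The authenticated data that travels
with an encrypted matchkey (requesting site, epoch, source/trigger) is
modelled as an HMAC tag under a helper-held key: an assumption standing in
for the real AEAD binding. Budgets are a per-(site, epoch) epsilon ledger.
"""
import hashlib
import hmac
from dataclasses import dataclass

HELPER_KEY = b"demo-helper-party-key"  # constructed for the example


@dataclass(frozen=True)
class Report:
    site: str         # site that requested the encrypted matchkey
    epoch: int        # epoch in which it was requested
    event_type: str   # "source" or "trigger"
    tag: bytes        # authenticates (site, epoch, event_type)


def _aad(site, epoch, event_type):
    return f"{site}|{epoch}|{event_type}".encode()


def make_report(site, epoch, event_type):
    """Stand-in for the browser attaching authenticated data to a matchkey."""
    tag = hmac.new(HELPER_KEY, _aad(site, epoch, event_type), hashlib.sha256).digest()
    return Report(site, epoch, event_type, tag)


def aad_valid(r):
    expected = hmac.new(HELPER_KEY, _aad(r.site, r.epoch, r.event_type), hashlib.sha256).digest()
    return hmac.compare_digest(expected, r.tag)


class BudgetLedger:
    """Remaining epsilon per (site, epoch); every site starts each epoch with the same budget."""

    def __init__(self, per_epoch_budget):
        self.per_epoch_budget = per_epoch_budget
        self.spent = {}  # (site, epoch) -> epsilon already consumed

    def remaining(self, site, epoch):
        return self.per_epoch_budget - self.spent.get((site, epoch), 0.0)


class QueryRejected(Exception):
    pass


def check_source_fan_out(ledger, source_site, epochs, epsilon, reports):
    """Run the three Helper Party checks; charge every epoch only if all pass.

    Returns the number of accepted reports. On rejection nothing is deducted,
    so a failed query cannot drain budget.
    """
    epochs = set(epochs)
    for r in reports:
        if not aad_valid(r):
            raise QueryRejected("authenticated data does not verify")
        if r.event_type != "source":   # assumption: trigger reports are not accepted here
            raise QueryRejected("trigger report in a source fan-out query")
        if r.site != source_site:      # check 1: report bound to the querying site
            raise QueryRejected(f"report from {r.site}, query from {source_site}")
        if r.epoch not in epochs:      # check 3: report from an epoch named in the query
            raise QueryRejected(f"report from epoch {r.epoch} not in query epochs")
    for e in epochs:                   # check 2: budget left in every queried epoch
        if ledger.remaining(source_site, e) < epsilon:
            raise QueryRejected(f"{source_site} lacks budget for epoch {e}")
    for e in epochs:                   # deduct from all queried epochs at once
        self_spent = ledger.spent.get((source_site, e), 0.0)
        ledger.spent[(source_site, e)] = self_spent + epsilon
    return len(reports)
```

The order matters: every report is validated before any budget is touched, and the budget of every epoch in the query is confirmed before any epoch is charged, so a query that fails check 1 or 3 on its last report leaves the ledger unchanged.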


Self Attributing Advertiser (trigger fan-out query)


MMPs (delegated trigger fan-out queries)


Ad Networks


Ad Networks: Design Proposal #1

  • Sites working with Ad Networks still receive budgets
  • Ad Networks can run source fan-out queries involving source events shown across many source sites if we simply deduct from the privacy budget of all included sites.
  • Sites would need to split their budget across multiple Ad Networks they work with


Ad Networks: Design Proposal #1


Ad Networks: Design Proposal #2

  • Ad Networks receive their own budgets
  • Sites choose to delegate to a set of Ad Networks (limit on how many)
  • We need to bind a source report to the Ad Network that requests it as well as the top-level site where the ad is shown
  • Gives full flexibility for how source-events are broken down via breakdown keys since all source events can be combined into a single query.
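The budget accounting behind both Ad Network proposals (#1 on the earlier slide, #2 above), as an added example that is not code from IPA or this deck. Under proposal #1 each site splits its own per-epoch budget into one slice per network and a network query charges the slice of every site whose source events it includes; under proposal #2 the network holds its own budget, each report is bound to the requesting network and the top-level site, and a site can delegate to at most a fixed number of networks. The cap of two networks per site, the budgets, the epsilon values and the site names are assumptions; the deck leaves the cap open.

```python
"""Budget accounting for the two Ad Network designs (added example).

Not code from IPA or the PATCG deck. Proposal #1: sites keep their budgets,
split them into per-network slices, and a network query charges every site
whose source events it includes. Proposal #2: the network holds its own
budget, each report is bound to (ad network, top-level site), and a site may
delegate to a capped number of networks. Cap, budgets and epsilons are
assumed values.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

MAX_NETWORKS_PER_SITE = 2  # assumed; the deck only says "limit on how many"


class QueryRejected(Exception):
    pass


@dataclass(frozen=True)
class SourceReport:
    top_level_site: str         # site where the ad was shown
    epoch: int
    ad_network: Optional[str]   # network that requested the matchkey (proposal #2); None under #1


class Ledger:
    """Per-(owner, epoch) epsilon accounting; an owner is a (site, network) slice or a network."""

    def __init__(self):
        self.budget = {}                  # owner -> per-epoch budget
        self.spent = defaultdict(float)   # (owner, epoch) -> epsilon consumed

    def grant(self, owner, per_epoch):
        self.budget[owner] = per_epoch

    def remaining(self, owner, epoch):
        return self.budget.get(owner, 0.0) - self.spent[(owner, epoch)]

    def can_charge(self, owner, epochs, eps):
        return all(self.remaining(owner, e) >= eps for e in epochs)

    def charge(self, owner, epochs, eps):
        for e in epochs:
            self.spent[(owner, e)] += eps


# ---- Proposal #1: sites keep their budgets and split them across networks ----

def split_site_budget(ledger, site, site_budget, shares):
    """A site carves its per-epoch budget into one slice per network it works with."""
    if sum(shares.values()) > site_budget:
        raise ValueError(f"{site}: slices exceed the site's budget")
    for network, share in shares.items():
        ledger.grant((site, network), share)


def proposal1_query(ledger, network, epochs, eps, reports):
    """Charge the slice of every included site; all-or-nothing across sites and epochs."""
    epochs = set(epochs)
    sites = set()
    for r in reports:
        if r.epoch not in epochs:
            raise QueryRejected(f"report from epoch {r.epoch} not in query epochs")
        sites.add(r.top_level_site)
    for site in sites:
        if not ledger.can_charge((site, network), epochs, eps):
            raise QueryRejected(f"{site} has no slice left for {network}")
    for site in sites:
        ledger.charge((site, network), epochs, eps)
    return sorted(sites)


# ---- Proposal #2: networks get their own budgets; sites delegate to a few ----

def delegate(delegations, site, network):
    """Record that `site` lets `network` request source matchkeys on its pages."""
    nets = delegations.setdefault(site, set())
    if network not in nets and len(nets) >= MAX_NETWORKS_PER_SITE:
        raise QueryRejected(f"{site} already delegates to {MAX_NETWORKS_PER_SITE} networks")
    nets.add(network)


def proposal2_query(ledger, delegations, network, epochs, eps, reports):
    """Every report must be bound to the querying network and to a site that delegated to it."""
    epochs = set(epochs)
    for r in reports:
        if r.ad_network != network:
            raise QueryRejected("report bound to a different ad network")
        if network not in delegations.get(r.top_level_site, ()):
            raise QueryRejected(f"{r.top_level_site} has not delegated to {network}")
        if r.epoch not in epochs:
            raise QueryRejected(f"report from epoch {r.epoch} not in query epochs")
    if not ledger.can_charge(network, epochs, eps):
        raise QueryRejected(f"{network} lacks budget in a queried epoch")
    ledger.charge(network, epochs, eps)
    return len(reports)
```

The contrast the two functions make concrete: under proposal #1 a single query is limited by the smallest slice any included site gave the network, so one under-funded publisher blocks the whole query, while under proposal #2 the check is a binding check (right network, delegating site, right epoch) and the only budget consulted is the network's own.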


Comparison of Ad Network Designs


Comparison of Ad Network designs


Open Questions for Discussion

  1. How many Ad Networks per site are needed? How to ensure that a user wouldn’t be exposed to too many of them as they browse the web?
  2. What about publishers who serve a mixture of their own ads, as well as some ads from Ad Networks?


Open Questions for Discussion (cont)

  1. How do people feel about the impact on total information leakage, and about how it grows with the number of sites a person visits (or ad networks to which they are exposed)?
  2. What mechanisms can we employ to prevent multiple, duplicate ad-networks that are in fact operated by the same entity? How about preventing per-site ad networks?
